diff --git a/benchmarks/infra/stage-1/README.md b/benchmarks/infra/stage-1/README.md
index 482dd77ee..32260df5a 100644
--- a/benchmarks/infra/stage-1/README.md
+++ b/benchmarks/infra/stage-1/README.md
@@ -68,27 +68,29 @@ gcloud container fleet memberships get-credentials
 kubectl get nodes
 ```
-
+
 ## Variables
-| name | description | type | required | default |
-|---|---|:---:|:---:|:---:|
-| [cluster_name](variables.tf#L22) | Name of new or existing cluster. | string | ✓ | |
-| [project_id](variables.tf#L17) | Project id of existing or created project. | string | ✓ | |
-| [cluster_options](variables.tf#L59) | Specific cluster configuration options | object({…}) | | {} |
-| [enable_private_endpoint](variables.tf#L39) | When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. | bool | | true |
-| [filestore_storage](variables.tf#L96) | Filestore storage instances. If GKE deployment is regional, tier should be set to ENTERPRISE | map(object({…})) | | {} |
-| [gke_location](variables.tf#L33) | Region or zone used for cluster. | string | | "us-central1-a" |
-| [nodepools](variables.tf#L71) | Nodepools for the cluster | map(object({…})) | | {} |
-| [region](variables.tf#L27) | Region used for network resources. | string | | "us-central1" |
-| [vpc_create](variables.tf#L45) | Project configuration for newly created VPC. Leave null to use existing VPC, or defaults when project creation is required. | object({…}) | | null |
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [cluster\_name](#input\_cluster\_name) | Name of new or existing cluster. | `string` | n/a | yes |
+| [cluster\_options](#input\_cluster\_options) | Specific cluster configuration options |
object({
release_channel = optional(string, "REGULAR")
enable_backup_agent = optional(bool, false)
enable_gcs_fuse_csi_driver = optional(bool, false)
enable_gcp_filestore_csi_driver = optional(bool, false)
enable_gce_persistent_disk_csi_driver = optional(bool, false)
})
| `{}` | no |
+| [enable\_private\_endpoint](#input\_enable\_private\_endpoint) | When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. | `bool` | `true` | no |
+| [filestore\_storage](#input\_filestore\_storage) | Filestore storage instances. If GKE deployment is regional, tier should be set to ENTERPRISE |
map(object({
name = string
tier = string
capacity_gb = number
}))
| `{}` | no |
+| [gke\_location](#input\_gke\_location) | Region or zone used for cluster. | `string` | `"us-central1-a"` | no |
+| [nodepools](#input\_nodepools) | Nodepools for the cluster |
map(object({
machine_type = optional(string, "n2-standard-2"),
gke_version = optional(string),
max_node_count = optional(number, 10),
min_node_count = optional(number, 1),

guest_accelerator = optional(object({
type = optional(string),
count = optional(number),
gpu_driver = optional(object({
version = optional(string, "LATEST"),
partition_size = optional(string),
max_shared_clients_per_gpu = optional(number)
}))
}))

ephemeral_ssd_block_config = optional(object({
ephemeral_ssd_count = optional(number)
}))

local_nvme_ssd_block_config = optional(object({
local_ssd_count = optional(number)
}))
}))
| `{}` | no |
+| [prefix](#input\_prefix) | Prefix used for resource names. | `string` | `"ai-gke-0"` | no |
+| [private\_cluster\_config](#input\_private\_cluster\_config) | Private cluster configuration. Default of {} configures a private\_cluster with the values in below object. Set to null to make cluster public, which can be used for simple kubectl access when debugging or learning but should not be used in production. May need to destroy & recreate to apply public cluster. |
object({
master_global_access = optional(bool, true)
})
| `{}` | no |
+| [project\_id](#input\_project\_id) | Project id of existing or created project. | `string` | n/a | yes |
+| [region](#input\_region) | Region used for network resources. | `string` | `"us-central1"` | no |
+| [vpc\_create](#input\_vpc\_create) | Project configuration for newly created VPC. Leave null to use existing VPC, or defaults when project creation is required. |
object({
name = optional(string)
subnet_name = optional(string)
primary_range_nodes = optional(string, "10.0.0.0/24")
secondary_range_pods = optional(string, "10.16.0.0/20")
secondary_range_services = optional(string, "10.32.0.0/24")
enable_cloud_nat = optional(bool, false)
proxy_only_subnet = optional(string)
})
| `null` | no |
 ## Outputs
-| name | description | sensitive |
-|---|---|:---:|
-| [created_resources](outputs.tf#L17) | IDs of the resources created, if any. | |
-| [fleet_host](outputs.tf#L27) | Fleet Connect Gateway host that can be used to configure the GKE provider. | |
-| [get_credentials](outputs.tf#L32) | Run one of these commands to get cluster credentials. Credentials via fleet allow reaching private clusters without no direct connectivity. | |
-| [project_id](outputs.tf#L22) | Project ID of where the GKE cluster is hosted | |
-
+| Name | Description |
+|------|-------------|
+| [created\_resources](#output\_created\_resources) | IDs of the resources created, if any. |
+| [fleet\_host](#output\_fleet\_host) | Fleet Connect Gateway host that can be used to configure the GKE provider. |
+| [get\_credentials](#output\_get\_credentials) | Run one of these commands to get cluster credentials. Credentials via fleet allow reaching private clusters without no direct connectivity. |
+| [project\_id](#output\_project\_id) | Project ID of where the GKE cluster is hosted |
+
\ No newline at end of file
diff --git a/benchmarks/infra/stage-1/modules/gke-infra/README.md b/benchmarks/infra/stage-1/modules/gke-infra/README.md
index e9fc8ce32..901a65f2b 100644
--- a/benchmarks/infra/stage-1/modules/gke-infra/README.md
+++ b/benchmarks/infra/stage-1/modules/gke-infra/README.md
@@ -73,31 +73,34 @@ module "benchmark-0-infra" {
 }
 }
 ```
-
+
 ## Variables
-| name | description | type | required | default |
-|---|---|:---:|:---:|:---:|
-| [cluster_name](variables.tf#L81) | Name of new or existing cluster. | string | ✓ | |
-| [project_id](variables.tf#L101) | Project id of existing or created project. | string | ✓ | |
-| [cluster_create](variables.tf#L17) | Cluster configuration for newly created cluster. Set to null to use existing cluster, or create using defaults in new project. | object({…}) | | null |
-| [enable_private_endpoint](variables.tf#L75) | When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. | bool | | true |
-| [filestore_storage](variables.tf#L143) | Filestore storage instances. If GKE deployment is regional, tier should be set to ENTERPRISE | map(object({…})) | | {} |
-| [fleet_project_id](variables.tf#L88) | GKE Fleet project id. If null cluster project will also be used for fleet. | string | | null |
-| [gke_location](variables.tf#L112) | Region or zone used for cluster. | string | | "us-central1-a" |
-| [nodepools](variables.tf#L118) | Nodepools for the cluster | map(object({…})) | | {} |
-| [prefix](variables.tf#L94) | Prefix used for resource names. | string | | "ai-gke-0" |
-| [project_create](variables.tf#L45) | Project configuration for newly created project. Leave null to use existing project. Project creation forces VPC and cluster creation. | object({…}) | | null |
-| [region](variables.tf#L106) | Region used for network resources. | string | | "us-central1" |
-| [registry_create](variables.tf#L55) | Create remote Docker Artifact Registry. | bool | | true |
-| [vpc_create](variables.tf#L61) | Project configuration for newly created VPC. Leave null to use existing VPC, or defaults when project creation is required. 
| object({…}) | | null |
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [cluster\_create](#input\_cluster\_create) | Cluster configuration for newly created cluster. Set to null to use existing cluster, or create using defaults in new project. |
object({
labels = optional(map(string))
master_authorized_ranges = optional(map(string), {
rfc-1918-10-8 = "10.0.0.0/8"
})
master_ipv4_cidr_block = optional(string, "172.16.255.0/28")
vpc = optional(object({
id = string
subnet_id = string
secondary_range_names = optional(object({
pods = optional(string, "pods")
services = optional(string, "services")
}), {})
}))
version = optional(string)
options = optional(object({
release_channel = optional(string, "REGULAR")
enable_backup_agent = optional(bool, false)
dns_cache = optional(bool, true)
enable_gcs_fuse_csi_driver = optional(bool, false)
enable_gcp_filestore_csi_driver = optional(bool, false)
enable_gce_persistent_disk_csi_driver = optional(bool, false)
}), {})
})
| `null` | no |
+| [cluster\_name](#input\_cluster\_name) | Name of new or existing cluster. | `string` | n/a | yes |
+| [enable\_private\_endpoint](#input\_enable\_private\_endpoint) | When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. Ignored if private\_cluster\_config set to null. | `bool` | `true` | no |
+| [filestore\_storage](#input\_filestore\_storage) | Filestore storage instances. If GKE deployment is regional, tier should be set to ENTERPRISE |
map(object({
name = string
tier = string
capacity_gb = number
}))
| `{}` | no |
+| [fleet\_project\_id](#input\_fleet\_project\_id) | GKE Fleet project id. If null cluster project will also be used for fleet. | `string` | `null` | no |
+| [gke\_autopilot](#input\_gke\_autopilot) | Create GKE Autopiot cluster | `bool` | `false` | no |
+| [gke\_location](#input\_gke\_location) | Region or zone used for cluster. | `string` | `"us-central1-a"` | no |
+| [node\_locations](#input\_node\_locations) | Zones in which the GKE Autopilot cluster's nodes are located. | `list(string)` | `[]` | no |
+| [nodepools](#input\_nodepools) | Nodepools for the GKE Standard cluster |
map(object({
machine_type = optional(string, "n2-standard-2"),
gke_version = optional(string),
max_node_count = optional(number, 10),
min_node_count = optional(number, 1),

guest_accelerator = optional(object({
type = optional(string),
count = optional(number),
gpu_driver = optional(object({
version = string
partition_size = optional(string)
max_shared_clients_per_gpu = optional(number)
}))
}))

ephemeral_ssd_block_config = optional(object({
ephemeral_ssd_count = optional(number)
}))

local_nvme_ssd_block_config = optional(object({
local_ssd_count = optional(number)
}))
}))
| `{}` | no |
+| [prefix](#input\_prefix) | Prefix used for resource names. | `string` | `"ai-gke-0"` | no |
+| [private\_cluster\_config](#input\_private\_cluster\_config) | Private cluster configuration. Default of {} configures a private\_cluster with the values in below object. Set to null to make cluster public, which can be used for simple kubectl access when debugging or learning but should not be used in production. May need to destroy & recreate to apply public cluster. |
object({
master_global_access = optional(bool, true)
})
| `{}` | no |
+| [project\_create](#input\_project\_create) | Project configuration for newly created project. Leave null to use existing project. Project creation forces VPC and cluster creation. |
object({
billing_account = string
parent = optional(string)
shared_vpc_host = optional(string)
})
| `null` | no |
+| [project\_id](#input\_project\_id) | Project id of existing or created project. | `string` | n/a | yes |
+| [region](#input\_region) | Region used for network resources. | `string` | `"us-central1"` | no |
+| [registry\_create](#input\_registry\_create) | Create remote Docker Artifact Registry. | `bool` | `true` | no |
+| [vpc\_create](#input\_vpc\_create) | Project configuration for newly created VPC. Leave null to use existing VPC, or defaults when project creation is required. |
object({
name = optional(string)
subnet_name = optional(string)
primary_range_nodes = optional(string, "10.0.0.0/24")
secondary_range_pods = optional(string, "10.16.0.0/20")
secondary_range_services = optional(string, "10.32.0.0/24")
enable_cloud_nat = optional(bool, false)
proxy_only_subnet = optional(string)
})
| `null` | no |
 ## Outputs
-| name | description | sensitive |
-|---|---|:---:|
-| [created_resources](outputs.tf#L17) | IDs of the resources created, if any. | |
-| [fleet_host](outputs.tf#L49) | Fleet Connect Gateway host that can be used to configure the GKE provider. | |
-| [get_credentials](outputs.tf#L58) | Run one of these commands to get cluster credentials. Credentials via fleet allow reaching private clusters without no direct connectivity. | |
-| [project_id](outputs.tf#L44) | Project ID of where the GKE cluster is hosted | |
-
+| Name | Description |
+|------|-------------|
+| [created\_resources](#output\_created\_resources) | IDs of the resources created, if any. |
+| [fleet\_host](#output\_fleet\_host) | Fleet Connect Gateway host that can be used to configure the GKE provider. |
+| [get\_credentials](#output\_get\_credentials) | Run one of these commands to get cluster credentials. Credentials via fleet allow reaching private clusters without no direct connectivity. |
+| [project\_id](#output\_project\_id) | Project ID of where the GKE cluster is hosted |
+
\ No newline at end of file
diff --git a/benchmarks/infra/stage-1/modules/gke-infra/cluster.tf b/benchmarks/infra/stage-1/modules/gke-infra/cluster.tf
index dc7066193..375c64b03 100644
--- a/benchmarks/infra/stage-1/modules/gke-infra/cluster.tf
+++ b/benchmarks/infra/stage-1/modules/gke-infra/cluster.tf
@@ -84,10 +84,9 @@ module "cluster-standard" {
 master_authorized_ranges = var.cluster_create.master_authorized_ranges
 master_ipv4_cidr_block = var.cluster_create.master_ipv4_cidr_block
 }
- private_cluster_config = {
+ private_cluster_config = var.private_cluster_config == null ? null : merge(var.private_cluster_config, {
 enable_private_endpoint = var.enable_private_endpoint
- master_global_access = true
- }
+ })
 labels = var.cluster_create.labels
 release_channel = var.cluster_create.options.release_channel
 backup_configs = {
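Review bot: Setting `private_cluster_config = null` now produces a public control-plane endpoint while `enable_private_endpoint` (default `true`) is silently discarded by the `== null ? null :` branch on the new `private_cluster_config` line, so a caller who only flips the object to null keeps an input that says "private endpoint" and gets a public one; the same expression is repeated in the `cluster-autopilot` hunk at `@@ -139,10 +138,9 @@`. The variable descriptions record this as "Ignored if private_cluster_config set to null", but nothing in the plan surfaces the contradiction. A `check` block asserting that the two inputs agree would make the public exposure an explicit choice without altering the default private configuration; it needs Terraform 1.5 or later, which I cannot confirm from the hunk. The `module "cluster-standard"` block starts and ends outside the hunk.
```hcl
# … unchanged: module "cluster-standard" { … } …

# Surface the public-endpoint case at plan time instead of silently dropping
# enable_private_endpoint (check blocks need terraform >= 1.5 — confirm the module's constraint).
check "public_cluster_is_explicit" {
  assert {
    condition     = var.private_cluster_config != null || !var.enable_private_endpoint
    error_message = "private_cluster_config is null (public control plane) but enable_private_endpoint is true; set enable_private_endpoint = false to opt in to a public cluster explicitly."
  }
}
```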
@@ -139,10 +138,9 @@ module "cluster-autopilot" {
 master_authorized_ranges = var.cluster_create.master_authorized_ranges
 master_ipv4_cidr_block = var.cluster_create.master_ipv4_cidr_block
 }
- private_cluster_config = {
+ private_cluster_config = var.private_cluster_config == null ? null : merge(var.private_cluster_config, {
 enable_private_endpoint = var.enable_private_endpoint
- master_global_access = true
- }
+ })
 labels = var.cluster_create.labels
 release_channel = var.cluster_create.options.release_channel
 backup_configs = {
diff --git a/benchmarks/infra/stage-1/modules/gke-infra/variables.tf b/benchmarks/infra/stage-1/modules/gke-infra/variables.tf
index 97169076d..4bf79563d 100644
--- a/benchmarks/infra/stage-1/modules/gke-infra/variables.tf
+++ b/benchmarks/infra/stage-1/modules/gke-infra/variables.tf
@@ -80,11 +80,19 @@ variable "vpc_create" {
 }
 variable "enable_private_endpoint" {
- description = "When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled."
+ description = "When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. Ignored if private_cluster_config set to null. May need to destroy & recreate to apply public cluster."
 type = bool
 default = true
 }
+variable "private_cluster_config" {
+ description = "Private cluster configuration. Default of {} configures a private_cluster with the values in below object. Set to null to make cluster public, which can be used for simple kubectl access when debugging or learning but should not be used in production."
+ type = object({
+ master_global_access = optional(bool, true)
+ })
+ default = {}
+}
+
 variable "cluster_name" {
 description = "Name of new or existing cluster."
 type = string
diff --git a/benchmarks/infra/stage-1/variables.tf b/benchmarks/infra/stage-1/variables.tf
index fa326a31e..4d6f0275e 100644
--- a/benchmarks/infra/stage-1/variables.tf
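Review bot: The sentence "May need to destroy & recreate to apply public cluster." is attached to `enable_private_endpoint` in this file's `@@ -80,11 +80,19 @@` hunk but to `private_cluster_config` in `benchmarks/infra/stage-1/variables.tf` (the `@@ -37,11 +37,19 @@` hunk), and the module README in the same commit shows it on `private_cluster_config` and not on `enable_private_endpoint`, so the generated table no longer matches the source it is generated from. Since it is the null/non-null flip of `private_cluster_config` that changes the cluster between private and public, I would keep that sentence on `private_cluster_config` in both files, drop it from `enable_private_endpoint`, and regenerate the READMEs. The new variable's description could also name the one attribute its default actually sets rather than "the values in below object": `description = "Private cluster configuration. The default {} yields a private cluster with master_global_access = true. Set to null to make the cluster public, which is acceptable for debugging or learning but should not be used in production. May need to destroy & recreate to apply public cluster."` (wording only).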
+++ b/benchmarks/infra/stage-1/variables.tf
@@ -37,11 +37,19 @@ variable "gke_location" {
 }
 variable "enable_private_endpoint" {
- description = "When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled."
+ description = "When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. Ignored if private_cluster_config set to null."
 type = bool
 default = true
 }
+variable "private_cluster_config" {
+ description = "Private cluster configuration. Default of {} configures a private_cluster with the values in below object. Set to null to make cluster public, which can be used for simple kubectl access when debugging or learning but should not be used in production. May need to destroy & recreate to apply public cluster."
+ type = object({
+ master_global_access = optional(bool, true)
+ })
+ default = {}
+}
+
 variable "vpc_create" {
 description = "Project configuration for newly created VPC. Leave null to use existing VPC, or defaults when project creation is required."
 type = object({